2008 FISMA Executive Summary Report
|
|
- Michael Walton
- 8 years ago
- Views:
Transcription
1 2008 FISMA Executive Summary Report PUBLIC REDACTED VERSION September 29, 2008
2 4B M E M O R A N D U M September 29, 2008 To: From: Lew Walker, Acting Chief Information Officer H. David Kotz, Inspector General Subject: 2008 FISMA Executive Summary Report, This memorandum transmits the Securities and Exchange Commission, Office of Inspector General s (OIG) 2008 Federal Information Security Management Act (FISMA) Executive Summary report. This report details our responses to Section C of the Office of Management and Budget FISMA template. The information in the report is provided as a result of our coordination and input from the Office of Information Technology (OIT) and the Senior Agency Official for Privacy and was used to form a consolidated SEC response. The final report consists of three recommendations that are addressed to the OIT. OIT concurred with all of the recommendations and indicated that appropriate action will be taken. In addition to responding to the recommendations, OIT provided comments to the draft report. Should you have any questions regarding this report, please contact Jacqueline Wilson at Attachment cc: Peter Uhlmann, Chief of Staff Diego Ruiz, Executive Director, Office of the Executive Director Ralph Mosios, Acting Chief Security Officer, Office of Information Technology Barbara Stance, Chief Privacy Office, Office of Information Technology Darlene Pryor, Management Analyst, Office of the Executive Director Rick Hillman, Managing Director of Financial Markets and Community Investment, GAO Page 1 of 6
3 0BEXECUTIVE SUMMARY In June 2008, the U.S Securities and Exchange Commission (SEC), Office of Inspector General (OIG), contracted with the Electronic Consulting Services, Inc. (ECS) to assist with the completion and coordination of OIG s input to the SEC s response to the Office of Management and Budget (OMB) Memorandum M The Memorandum provides instructions and templates for meeting the FY 2008 reporting requirements under the Federal Information Security Management Act of 2002 (FISMA) Title III, Pub. L. No ECS commenced work on the project in early August 2008, when the final FISMA templates were promulgated by the OMB. ECS principle tasks included the completion of the OIG portion of the templates and the development of an Executive Summary report. 10BACKGROUND FISMA provides the framework for securing the Federal government s information technology. All agencies must implement the requirements of FISMA and annually report to the OMB and Congress the effectiveness of their Privacy and information security program. OMB uses the information to help evaluate agency specific and government wide privacy performance, development of its annual security report to Congress, assist in improving and maintaining adequate agency privacy performance, and inform development of the E Government Scorecard under the President s Management Agenda. 1BOBJECTIVES The objectives of this report are to provide background information, clarification, and recommendations regarding the OIG s response and input to Section C of the OMB reporting template. Generally, the reporting categories and questions were generally the same as in 2007; however, there were some updates based on security and privacy policies issued this year. The 2008 reporting topics for the OIG reporting template include: FISMA Systems Inventory Page 2 of 6
4 Certification and Accreditation, Security Controls Testing, and Contingency Plan Testing Evaluation of Agency Oversight of Contractor Systems and Quality of Agency System Inventory Evaluation of Agency Plan of Action and Milestone (POA&M) Process Inspector General (IG) Assessment of the Certification and Accreditation Process IG Assessment of the Agency Privacy Program IG Assessment of the Agency Privacy Impact Assessment (PIA) Process Configuration Management Incident Reporting Security Awareness Training Collaborative Web Technologies and Peer to Peer File Sharing E Authentication Risk Assessments There are also some additional questions related to OMB Memorandum M of January 18, 2008, New FISMA Privacy Reporting Requirements for FY The FISMA IG Reporting template contains responses to a fixed set of options designed into the template. In some cases, the responses are either numeric or binary (yes/no). In other cases, responses are limited to qualitative assessments (excellent, good, poor, etc.), or percentages estimates (96% to 100%, 81% to 95%, etc.). The reporting template also provides several fields for optional text comments. 12BRESULTS Key findings and results for the 2008 FISMA evaluation include: Our initial OIG evaluation of systems used by the Division of Enforcement for referrals and the Office of Compliance Inspections and Examinations (OCIE) to assist in the monitoring of registered advisers revealed there were no significant issues. Page 3 of 6
5 The SEC operates a total of 49 systems. Forty four of the systems have been evaluated as having moderate system impact levels. The remaining systems were evaluated as having a low system impact level. SEC almost always performs oversight and evaluations to ensure information systems used or operated by agency contractors, or other organizations on behalf of the agency, to meet applicable requirements. The SEC has developed an inventory of major information systems. The SEC s POA&M process provides an effective roadmap for continuous security improvement, assists with prioritizing corrective action and resource allocation, and is a valuable management and oversight tool. The SEC s overall Certification and Accreditation program is assessed as good. The Privacy Office has made significant progress in its development of privacy resources, in outreach within the SEC and Regional Offices, and in benchmarking externally with other agencies. The SEC has developed and disseminated a formal, documented, configuration management policy (implementation guidance) that satisfactorily addresses security configuration management requirements. SEC systems implement common security configurations; including those available through National Institute of Standards and Technology (NIST) most of the time. SEC did not provide evidence that they have implemented the... Page 4 of 6
6 13BSUMMARY OF RECOMMENDATIONS 1. OIT needs to complete the security controls and contingency plan testing for the remaining systems. 2. OIT needs to address the requirements for, to include: Adopting and implementing the,. Modifying all contracts related to common security settings to include the New Federal Acquisition Regulation language. Implementing the for,. 3. OIG recommends that this Executive Summary Report, along with the completed OIG Reporting Template (provided separately), be used to develop the SEC s annual consolidated FISMA Report in accordance with OMB Memorandum M Page 5 of 6
7 AUDIT REQUEST AND IDEAS The Office of Inspector General welcomes your input. If you would like to request an audit in the future or have an audit idea, please contact us at: U.S. Securities and Exchange Commission Office of Inspector General Attn: Assistant Inspector General, Audits (Audit Request/Idea) 100 F. Street N.E. Washington D.C Hotline To report fraud, waste, abuse, and mismanagement at SEC, contact the Office of Inspector General at: Phone: Web-Based Hotline Complaint Form: Page 6 of 6
CTR System Report - 2008 FISMA
CTR System Report - 2008 FISMA February 27, 2009 TABLE of CONTENTS BACKGROUND AND OBJECTIVES... 5 BACKGROUND... 5 OBJECTIVES... 6 Classes and Families of Security Controls... 6 Control Classes... 7 Control
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Treasury Inspector General for Tax Administration Federal Information Security Management Act Report October 27, 2009 Reference Number: 2010-20-004 This
More informationFiscal Year 2007 Federal Information Security Management Act Report
OFFICE OF INSPECTOR GENERAL Special Report Catalyst for Improving the Environment Fiscal Year 2007 Federal Information Security Management Act Report Status of EPA s Computer Security Program Report No.
More informationInternal Control Review of the Government Purchase Card Program
Internal Control Review of the Government Purchase Card Program September 18, 2008 Report No. 440 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 OFFICE OF INSPECTOR GENERAL September
More informationPOSTAL REGULATORY COMMISSION
POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1
More informationU.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS. Final Audit Report
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management
More informationFederal Information Security Management Act: Fiscal Year 2014 Evaluation
Federal Information Security Management Act: Fiscal Year 2014 Evaluation OFFICE OF INSPECTOR GENERAL UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 M E M O R A N D U M TO: FROM:
More informationFinal Audit Report -- CAUTION --
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management
More informationEvaluation of the SEC Encryption Program
Evaluation of the SEC Encryption Program Prepared by C5i Federal, Inc. REDACTED PUBLIC VERSION March 26, 2010 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20S49 O...lc:E 0.. lh.,.ec:tor
More informationHow To Check If Nasa Can Protect Itself From Hackers
SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration
More informationINSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES
INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:
More informationOFFICE OF INSPECTOR GENERAL
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment Evaluation of U.S. Chemical Safety and Hazard Investigation Board s Compliance with the Federal Information Security Management
More informationFinal Audit Report. Report No. 4A-CI-OO-12-014
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Subject: AUDIT OF THE INFORMATION TECHNOLOGY SECURITY CONTROLS OF THE U.S. OFFICE OF PERSONNEL MANAGEMENT'S
More informationOFFICE OF INSPECTOR GENERAL. Audit Report. Evaluation of the Railroad Retirement Board Medicare Contractor s Information Security
OFFICE OF INSPECTOR GENERAL Audit Report Evaluation of the Railroad Retirement Board Medicare Contractor s Information Security Report No. 08-04 September 26, 2008 RAILROAD RETIREMENT BOARD INTRODUCTION
More informationUNITED STATES COMMISSION ON CIVIL RIGHTS. Fiscal Year 2012 Federal Information Security Management Act Evaluation
Memorandum UNITED STATES COMMISSION ON CIVIL RIGHTS Date: November 15, 2012 To: From: Subject: The Honorable Commissioners Frances Garcia, Inspector General Fiscal Year 2012 Federal Information Security
More informationU.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL
U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal
More informationDepartment of Homeland Security Office of Inspector General
Department of Homeland Security Office of Inspector General Vulnerabilities Highlight the Need for More Effective Web Security Management (Redacted) OIG-09-101 September 2009 Office of Inspector General
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationEXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 THE DIRECTOR August 6, 2003 M-03-19 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: SUBJECT: Joshua
More informationHARPER, RAINS, KNIGHT & COMPANY, P.A. CERTIFIED PUBLIC ACCOUNTANTS RIDGELAND, MISSISSIPPI
FARM CREDIT ADMINISTRATION INDEPENDENT ACCOUNTANT S REPORT ON AGREED-UPON PROCEDURES: FEDERAL INFORMATION SECURITY MANAGEMENT ACT EVALUATION For the Year Ending September 30, 2005 HARPER, RAINS, KNIGHT
More informationReview of the SEC s Systems Certification and Accreditation Process
Review of the SEC s Systems Certification and Accreditation Process March 27, 2013 Page i Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy
More informationINFORMATION SECURITY. Evaluation of GAO s Program and Practices for Fiscal Year 2012 OIG-13-2
INFORMATION SECURITY Evaluation of GAO s Program and Practices for Fiscal Year 2012 OIG-13-2 Office of the Inspector General U.S. Government Accountability Office Report Highlights February 2013 INFORMATION
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY < Office of Inspector General Letter Report: Review of DHS Financial Systems Consolidation Project OIG-08-47 May 2008 Office of Inspector General U.S. Department of Homeland
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION
More informationFiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Information Technology Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program Report.
More informationAgency Security - What Are the Advantages and Disadvantages
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 The Director M-04-25 August 23, 2004 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: SUBJECT: Joshua
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
More informationOFFICIAL USE ONLY. Department of Energy. DATE: January 31, 2007 Audit Report Number: OAS-L-07-06
DOE F 1325.8 (08-93) United States Government Memorandum Department of Energy DATE: January 31, 2007 Audit Report Number: OAS-L-07-06 REPLY TO ATTN OF: SUBJECT: TO: IG-34 (A06TG041) Evaluation of the "Office
More informationDepartment of Homeland Security Office of Inspector General. Audit of Application Controls for FEMA's Individual Assistance Payment Application
Department of Homeland Security Office of Inspector General Audit of Application Controls for FEMA's Individual Assistance Payment Application OIG-09-104 September 2009 Table of Contents Objectives,
More information2014 Audit of the CFPB s Information Security Program
O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-C-020 2014 Audit of the CFPB s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL
More informationReport of Evaluation OFFICE OF INSPECTOR GENERAL E-09-01. Tammy Rapp Auditor-in-Charge FARM CREDIT ADMINISTRATION
OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2009 Evaluation of the Farm Credit Administration s Compliance with the Federal Information Security Management Act E-09-01 November 18, 2009 Tammy
More informationSMITHSONIAN INSTITUTION
SMITHSONIAN INSTITUTION FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA) 2012 INDEPENDENT EVALUATION REPORT TABLE OF CONTENTS PURPOSE 1 BACKGROUND 1 OBJECTIVES, SCOPE, AND METHODOLOGY 2 SUMMARY OF RESULTS
More informationDepartment of Homeland Security
DHS System To Enable Telework Needs a Disaster Recovery Capability OIG-14-55 March 2014 Washington, DC 20528 / www.oig.dhs.gov March 21, 2014 MEMORANDUM FOR: FROM: SUBJECT: Luke J. McCormack Chief Information
More informationNASA OFFICE OF INSPECTOR GENERAL
NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA
More informationHARPER, RAINS, KNIGHT & COMPANY, P.A. CERTIFIED PUBLIC ACCOUNTANTS & CONSULTANTS RIDGELAND, MISSISSIPPI
FARM CREDIT ADMINISTRATION OFFICE OF INSPECTOR GENERAL FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 EVALUATION For the Fiscal Year Ending September 30, 2007 HARPER, RAINS, KNIGHT & COMPANY, P.A.
More informationSemiannual Report to Congress. Office of Inspector General
Semiannual Report to Congress Office of Inspector General Federal Election Commission 999 E Street, N.W., Suite 940 Washington, DC 20463 April 1, 2005 September 30, 2005 November 2005 TABLE OF CONTENTS
More informationAUDIT REPORT. The Energy Information Administration s Information Technology Program
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Energy Information Administration s Information Technology Program DOE-OIG-16-04 November 2015 Department
More informationOFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION CONTRACTOR SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12 CREDENTIALS June 2012 A-14-11-11106
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationUnited States Patent and Trademark Office
U.S. DEPARTMENT OF COMMERCE Office of Inspector General United States Patent and Trademark Office FY 2009 FISMA Assessment of the Patent Cooperation Treaty Search Recordation System (PTOC-018-00) Final
More informationFive-Year Strategic Plan
U.S. Department of Education Office of Inspector General Five-Year Strategic Plan Fiscal Years 2014 2018 Promoting the efficiency, effectiveness, and integrity of the Department s programs and operations
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Taxpayer Data Used at Contractor Facilities May Be at Risk for Unauthorized Access or Disclosure May 18, 2010 Reference Number: 2010-20-051 This report
More informationU.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL
U.S. ENVIRNMENTAL PRTECTIN AGENCY FFICE F INSPECTR GENERAL Evaluation Report Catalyst for Improving the Environment Evaluation of the U.S. Chemical Investigation Board s Compliance with the Federal Information
More informationControls Over EPA s Compass Financial System Need to Be Improved
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Controls Over EPA s Compass Financial System Need to Be Improved Report No. 13-P-0359 August 23, 2013 Scan this mobile code to learn more
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More informationDepartment of Homeland Security
CBP Acquisition of Aviation Management Tracking System OIG-12-104 (Revised) August 2012 August 31, 2012 Background The (DHS) has the world s largest law enforcement aviation organization. Both U.S. Customs
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More information2012 FISMA Executive Summary Report
2012 FISMA Executive Summary Report March 29, 2013 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 OI'!'ICEOI' lnstfl! C1'0R GENERAt MEMORANDUM March 29,2013 To: Jeff Heslop, Chief
More informationFinal Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2012. Report No. 4A-CI-00-12-016
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Subject: FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2012 Report No. 4A-CI-00-12-016 Date:
More informationDepartment of Homeland Security Office of Inspector General
Department of Homeland Security Office of Inspector General Review of the Department of Homeland Security s Master List of Recovery Act Contracts and Grants American Recovery and Reinvestment Act of 2009
More informationPROCUREMENT. Actions Needed to Enhance Training and Certification Requirements for Contracting Officer Representatives OIG-12-3
PROCUREMENT Actions Needed to Enhance Training and Certification Requirements for Contracting Officer Representatives OIG-12-3 Office of Inspector General U.S. Government Accountability Office Report Highlights
More informationAudit of the Department of State Information Security Program
UNITED STATES DEPARTMENT OF STATE AND THE BROADCASTING BOARD OF GOVERNORS OFFICE OF INSPECTOR GENERAL AUD-IT-15-17 Office of Audits October 2014 Audit of the Department of State Information Security Program
More informationBriefing Report: Improvements Needed in EPA s Information Security Program
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Briefing Report: Improvements Needed in EPA s Information Security Program Report No. 13-P-0257 May 13, 2013 Scan this mobile code to learn
More informationCompliance Risk Management IT Governance Assurance
Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems
More informationINSPECTION CLOUD COMPUTING SECURITY DOCUMENTATION IN THE CYBER SECURITY ASSESSMENT MANAGEMENT SOLUTION
INSPECTION CLOUD COMPUTING SECURITY DOCUMENTATION IN THE CYBER SECURITY ASSESSMENT MANAGEMENT SOLUTION Report No.: 2015-ITA-017 November 2015 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR
More information2IÀFHRI,QVSHFWRU*HQHUDO
2IÀFHRI,QVSHFWRU*HQHUDO FEMA s Efforts To Collect a $23.1 Million Debt from the State of Louisiana Should Have Been More Aggressive OIG-14-134-D September 2014 Washington, DC 20528 / www.oig.dhs.gov September
More informationOffice of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit
Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit Consumer Financial Protection Bureau September 2012 September 28, 2012 MEMORANDUM TO: FROM: SUBJECT:
More informationPlan of Action and Milestones (POA&M) Training Session
Plan of Action and Milestones (POA&M) Training Session Jamie Nicholson IM-31, Policy, Guidance, & Planning Division U.S. Department of Energy Office of the Associate CIO for Cyber Security 1 Objectives
More informationDepartment of Homeland Security
Department of Homeland Security National Flood Insurance Program s Management Letter for FY 2011 DHS Consolidated Financial Statements Audit (Redacted) OIG-12-71 April 2012 (Revised) Office of Inspector
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01
More information2IÀFHRI,QVSHFWRU*HQHUDO
2IÀFHRI,QVSHFWRU*HQHUDO FEMA s Slab Removal Waiver in Oklahoma 4117-DR-OK OIG-14-100-D June 2014 Washington, DC 20528 / www.oig.dhs.gov June 6, 2014 MEMORANDUM FOR: George A. Robinson Regional Administrator,
More informationThe Certification and Accreditation of Computer Systems Should Remain in the Computer Security Material Weakness. August 2004
The Certification and Accreditation of Computer Systems Should Remain in the Computer Security Material Weakness August 2004 Reference Number: 2004-20-129 This report has cleared the Treasury Inspector
More informationU.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT USE OF APPROPRIATED FUNDS TO SETTLE A CLAIM
U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT USE OF APPROPRIATED FUNDS TO SETTLE A CLAIM EVALUATION REPORT NO. I-EV-EAC-01-10 SEPTEMBER 2010 U.S. ELECTION ASSISTANCE COMMISSION
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
More informationMarch 17, 2015 OIG-15-43
Information Technology Management Letter for the U.S. Citizenship and Immigration Services Component of the FY 2014 Department of Homeland Security Financial Statement Audit March 17, 2015 OIG-15-43 HIGHLIGHTS
More informationAUDIT OF NASA S EFFORTS TO CONTINUOUSLY MONITOR CRITICAL INFORMATION TECHNOLOGY SECURITY CONTROLS
SEPTEMBER 14, 2010 AUDIT REPORT OFFICE OF AUDITS AUDIT OF NASA S EFFORTS TO CONTINUOUSLY MONITOR CRITICAL INFORMATION TECHNOLOGY SECURITY CONTROLS OFFICE OF INSPECTOR GENERAL National Aeronautics and Space
More informationPRIVACY IMPACT ASSESSMENT TEMPLATE
PRIVACY IMPACT ASSESSMENT TEMPLATE Name of System/Application: TeamMate Automated Audit Documentation System Program Office: Office of Inspector General Once the Privacy Impact Assessment is completed
More informationFederal Communications Commission Office of Inspector General. FY 2003 Follow-up on the Audit of Web Presence Security
Federal Communications Commission Office of Inspector General FY 2003 Follow-up on the Audit of Web Presence Security Audit Report No. 03-AUD-09-21 October 20, 2004 TABLE OF CONTENTS Page EXECUTIVE SUMMARY
More informationAudit of the Board s Information Security Program
Board of Governors of the Federal Reserve System Audit of the Board s Information Security Program Office of Inspector General November 2011 November 14, 2011 Board of Governors of the Federal Reserve
More informationSTATEMENT OF MARK A.S. HOUSE OF REPRESENTATIVES
STATEMENT OF MARK A. FORMAN ASSOCIATE DIRECTOR FOR INFORMATION TECHNOLOGY AND ELECTRONIC GOVERNMENT OFFICE OF MANAGEMENT AND BUDGET BEFORE THE COMMITTEE ON GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT
More informationOFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION THE IMPACT ON NETWORK SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S OPERATING SYSTEMS CONVERSIONS September 2004 A-14-04-24019 AUDIT REPORT
More informationAUDIT REPORT. Federal Energy Regulatory Commission s Unclassified Cybersecurity Program 2015
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Federal Energy Regulatory Commission s Unclassified Cybersecurity Program 2015 OAI-L-16-02 October 2015
More informationFinal Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2013. Report No. 4A-CI-00-13-021. Date:
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Subject: FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY 2013 Report No. 4A-CI-00-13-021 Date:
More informationFISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS
TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2
More informationW September 14, 1998. Final Report on the Audit of Outsourcing of Desktop Computers (Assignment No. A-HA-97-047) Report No.
W September 14, 1998 TO: FROM: SUBJECT: AO/Chief Information Officer W/Assistant Inspector General for Auditing Final Report on the Audit of Outsourcing of Desktop Computers (Assignment No. A-HA-97-047)
More informationOFFICE OF THE INSPECTOR GENERAL
OFFICE OF THE INSPECTOR GENERAL AUDIT PLAN FISCAL YEAR 2016 INTRODUCTION I am pleased to present the fiscal year 2016 audit plan, which communicates the Office of the Inspector General s (OIG) priorities
More informationMay 2, 2016 OIG-16-69
Information Technology Management Letter for the United States Secret Service Component of the FY 2015 Department of Homeland Security Financial Statement Audit May 2, 2016 OIG-16-69 DHS OIG HIGHLIGHTS
More informationFederal Communications Commission Office of Inspector General
Federal Communications Commission Office of Inspector General Report on Government Information Security Reform Act Evaluation - Findings and Recommendations Report No. 01-AUD-11-43 November 29, 2001 Executive
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Improvements Are Needed to the Information Security Program March 11, 2008 Reference Number: 2008-20-076 This report has cleared the Treasury Inspector
More informationDepartment of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process
Department of Homeland Security Office of Inspector General Review of U.S. Coast Guard Enterprise Architecture Implementation Process OIG-09-93 July 2009 Contents/Abbreviations Executive Summary...1 Background...2
More informationDepartment of Homeland Security
U.S. Citizenship and Immigration Services Tracking and Monitoring of Potentially Fraudulent Petitions and Applications for Family-Based Immigration Benefits OIG-13-97 June 2013 Washington, DC 20528 / www.oig.dhs.gov
More informationDepartment of Homeland Security Office of Inspector General
Department of Homeland Security Office of Inspector General Penetration Testing of Law Enforcement Credential Used to Bypass Screening (Unclassified Summary) OIG-09-99 September 2009 Office of Inspector
More informationAudit Report. The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013
Audit Report The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 A-14-13-13086 November 2013 MEMORANDUM Date: November 26,
More informationDepartment of Homeland Security Office of Inspector General
Department of Homeland Security Office of Inspector General Better Monitoring and Enhanced Technical Controls Are Needed to Effectively Manage LAN-A (Redacted) OIG-09-55 April 2009 Office of Inspector
More informationEVALUATION OF THE SMALL BUSINESS ADMINISTRATION'S INFORMATION SECURITY PROGRAM
EVALUATION OF THE SMALL BUSINESS ADMINISTRATION'S INFORMATION SECURITY PROGRAM Report Number: 07-74 Date Issued: February 22, 2007 U.S. Small Buslnws Admlnlstratlon OW- of Inspdor General Memorandum Christine
More informationU.S. Department of Energy Office of Inspector General Office of Audit Services. Audit Report. Security Over Wireless Networking Technologies
U.S. Department of Energy Office of Inspector General Office of Audit Services Audit Report Security Over Wireless Networking Technologies DOE/IG-0617 August 2003 Department of Energy Washington, DC 20585
More information~:~~:ation Officer ~'
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY WASHINGTON, D.C. 20460 OFFICE OF APR 2 2015 ENVIRONMENTAL INFORMATION MEMORANDUM SUBJECT: Revised Corrective Action Plan to Office of Inspector General Report
More informationJuly 17, 2006 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES
M-06-20 EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 July 17, 2006 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: SUBJECT: Clay Johnson III
More informationNARA s Information Security Program. OIG Audit Report No. 15-01. October 27, 2014
NARA s Information Security Program OIG Audit Report No. 15-01 October 27, 2014 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit Results... 8 Appendix
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Evaluation Report The Department's Unclassified Cyber Security Program 2011 DOE/IG-0856 October 2011 Department of
More informationDeputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.
Deputy Chief Financial Officer Peggy Sherry And Chief Information Security Officer Robert West U.S. Department of Homeland Security Testimony Before the Subcommittee on Government Organization, Efficiency
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION A Complete Certification and Accreditation Is Needed to Ensure the Electronic Fraud Detection System Meets Federal Government Security Standards September
More informationchieving organizational and management excellence
M Aa Nn Aa Gg Ee Mm Ee Nn T t I Nn tt ee gg rr aa tt ii oo n N G Oo Aa L l * P e r f o r m a n c e S e c t i o n M a n a g e m e n t I n t e g r a t i o n G o a l Achieve organizational and management
More information2014 Audit of the Board s Information Security Program
O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-B-019 2014 Audit of the Board s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL
More informationDepartment of Homeland Security Office of Inspector General. FLETC Leases for Dormitories 1 and 3
Department of Homeland Security Office of Inspector General FLETC Leases for Dormitories 1 and 3 OIG-10-02 October 2009 Office of Inspector General U.S. Department of Homeland Security Washington, DC 20528
More informationDepartment of Homeland Security
for the Immigration and Customs Enforcement Component of the FY 2013 Department of Homeland Security s Financial Statement Audit OIG-14-85 April 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland
More informationREPORT ON FY 2006 FISMA AUDIT OF THE SMITHSONIAN INSTITUTION S INFORMATION SECURITY PROGRAM
REPORT ON FY 2006 FISMA AUDIT OF THE SMITHSONIAN INSTITUTION S INFORMATION SECURITY PROGRAM Cotton & Company LLP Auditors Advisors 635 Slaters Lane, 4 th Floor Alexandria, Virginia 22314 703.836.6701 www.cottoncpa.com
More informationDepartment of Homeland Security
Department of Homeland Security Offce of Intelligence and Analysis Management Letter for FY 2012 DHS Consolidated Financial Statements Audit OIG-13-76 April 2013 OFFICE OF INSPECTOR GENERAL Department
More informationUnited States Department of Agriculture Office of Inspector General
United States Department of Agriculture Office of Inspector General United States Department of Agriculture Office of Inspector General Washington, D.C. 20250 DATE: December 21, 2011 AUDIT NUMBER: TO:
More information